Pages

About us

H4xOrin' T3h WOrLd

Sunny Kumar is a computer geek and technology blogger. He is a founder and editor of H4xOrin’ T3h WOrLd web-site. Always passionate about Ethical Hacking, Penetration Testing of Web applications, security, gadgets and ev-erything to go with it.His goal of life is to raise the awareness of Information Security, which is nowadays is the key to a successful business.

How to Crack a Wi-Fi Network’s WPA Password with Reaver

How to Crack a Wi-Fi Network’s WPA Password with Reaver

A new, free, open-source tool called Reaver exploits
a security hole in wireless routers and can crack most routers’ current
passwords with relative ease. Here’s how to crack a WPA or WPA2
password, step by step, with Reaver—and how to protect your network
against Reaver attacks.

What You’ll Need

You don’t have to be a networking wizard to use Reaver, the
command-line tool that does the heavy lifting, and if you’ve got a blank
DVD, a computer with compatible Wi-Fi, and a few hours on your hands,
you’ve got basically all you’ll need. There are a number of ways you
could set up Reaver, but here are the specific requirements for this
guide:

The BackTrack 5 Live DVD.

BackTrack
is a bootable Linux distribution that’s filled to the brim with network
testing tools, and while it’s not strictly required to use Reaver, it’s
the easiest approach for most users. Download the Live DVD from
BackTrack’s download page and burn it to a DVD. You can alternately
download a virtual machine image if you’re using VMware, but if you
don’t know what VMware is, just stick with the Live DVD. As of this
writing, that means you should select BackTrack 5 R1 from the Release
drop-down, select Gnome, 32- or 64-bit depending on your CPU (if you
don’t know which you have, 32 is a safe bet), ISO for image, and then
download the ISO.

A computer with Wi-Fi and a DVD drive.

BackTrack will work with the wireless card on most laptops, so
chances are your laptop will work fine. However, BackTrack doesn’t have a
full compatibility list, so no guarantees. You’ll also need a DVD
drive, since that’s how you’ll boot into BackTrack. I used a six-year-old MacBook Pro.

A nearby WPA-secured Wi-Fi network.

Technically, it will need to be a network using WPA security with
the WPS feature enabled. I’ll explain in more detail in the “How Reaver
Works” section how WPS creates the security hole that makes WPA cracking
possible.

A little patience.

This is a 4-step process, and while it’s not terribly difficult to
crack a WPA password with Reaver, it’s a brute-force attack, which means
your computer will be testing a number of different combinations of
cracks on your router before it finds the right one. When I tested it,
Reaver took roughly 2.5 hours to successfully crack my password. The
Reaver home page suggests it can take anywhere from 4-10 hours. Your
mileage may vary.

Let’s Get Crackin’

At this point you should have BackTrack burned to a DVD, and you should have your laptop handy.

Step 1: Boot into BackTrack

To boot into BackTrack, just put the DVD in your drive and boot your
machine from the disc. (Google around if you don’t know anything about
live CDs/DVDs and need help with this part.) During the boot process,
BackTrack will prompt you to to choose the boot mode. Select “BackTrack
Text – Default Boot Text Mode” and press Enter.
Eventually BackTrack will boot to a command line prompt. When you’ve
reached the prompt, type startx and press Enter. BackTrack will boot
into its graphical interface.

Step 2: Install Reaver

Reaver has been added to the bleeding edge version of BackTrack, but
it’s not yet incorporated with the live DVD, so as of this writing, you
need to install Reaver before proceeding. (Eventually, Reaver will
simply be incorporated with BackTrack by default.) To install Reaver,
you’ll first need to connect to a Wi-Fi network that you have the
password to.
Click Applications > Internet > Wicd Network Manager
Select your network and click Connect, enter your password if necessary, click OK, and then click Connect a second time.
Now that you’re online, let’s install Reaver. Click the Terminal button
in the menu bar (or click Applications > Accessories > Terminal).
At the prompt, type:

root@root:~# apt-get update

And then, after the update completes:

root@root:~# apt-get install reaver

If all went well, Reaver should now be installed. It may seem a
little lame that you need to connect to a network to do this, but it
will remain installed until you reboot your computer. At this point, go
ahead and disconnect from the network by opening Wicd Network Manager
again and clicking Disconnect. (You may not strictly need to do this. I
did just because it felt like I was somehow cheating if I were already
connected to a network.)

Step 3: Gather Your Device Information, Prep Your Crackin’

In order to use Reaver, you need to get your wireless card’s
interface name, the BSSID of the router you’re attempting to crack (the
BSSID is a unique series of letters and numbers that identifies a
router), and you need to make sure your wireless card is in monitor
mode. So let’s do all that.Find your wireless card:

This command will output the name of monitor mode interface, which
you’ll also want to make note of. Most likely, it’ll be mon0. Make note
of that.
Find the BSSID of the router you want to crack: Lastly, you need to
get the unique identifier of the router you’re attempting to crack so
that you can point Reaver in the right direction. To do this, execute
the following command:

root@root:~# airodump-ng wlan0

(Note: If airodump-ng wlan0 doesn’t work for you, you may want to try the monitor interface instead—e.g., airodump-ng mon0.)
You’ll see a list of the wireless networks in range—it’ll look something like the screenshot below:

When you see the network you want, press Ctrl+C to stop the list from
refreshing, then copy that network’s BSSID (it’s the series of letters,
numbers, and colons on the far left). The network should have WPA or
WPA2 listed under the ENC column.
Now, with the BSSID and monitor interface name in hand, you’ve got everything you need to start up Reaver.

Step 4: Crack a Network’s WPA Password with Reaver

Now execute the following command in the Terminal, replacing bssid
and moninterface with the BSSID and monitor interface and you copied
down above:

root@root:~# reaver -i moninterface -b bssid -vv

For example, if your monitor interface was mon0 like mine, and your
BSSID was 8D:AE:9D:65:1F:B2 (a BSSID I just made up), your command would
look like:

root@root:~# reaver -i mon0 -b 8D:AE:9D:65:1F:B2 -vv

Press Enter, sit back, and let Reaver work its disturbing magic. Reaver will now try a series of PINs on the router in a brute force attack,
one after another. This will take a while. In my successful test,
Reaver took 2 hours and 30 minutes to crack the network and deliver me
with the correct password. As mentioned above, the Reaver documentation
says it can take between 4 and 10 hours, so it could take more or less
time than I experienced, depending.

A few important factors to consider:

Reaver worked exactly as advertised in my test, but it won’t
necessarily work on all routers (see more below). Also, the router
you’re cracking needs to have a relatively strong signal, so if you’re
hardly in range of a router, you’ll likely experience problems, and
Reaver may not work. Throughout the process, Reaver would sometimes
experience a timeout, sometimes get locked in a loop trying the same PIN
repeatedly, and so on. I just let it keep on running, and kept it close
to the router, and eventually it worked its way through.
Also of note, you can also pause your progress at any time by
pressing Ctrl+C while Reaver is running. This will quit the process, but
Reaver will save any progress so that next time you run the command,
you can pick up where you left off-as long as you don’t shut down your
computer (which, if you’re running off a live DVD, will reset
everything).

How Reaver Works

Now that you’ve seen how to use Reaver, let’s take a quick overview
of how Reaver works. The tool takes advantage of a vulnerability in
something called Wi-Fi Protected Setup, or WPS. It’s a feature that
exists on many routers, intended to provide an easy setup process, and
it’s tied to a PIN that’s hard-coded into the device. Reaver exploits a flaw in these PINs; the result is that, with enough time, it can reveal your WPA or WPA2 password.

How to Protect Yourself Against Reaver Attacks

Since
the vulnerability lies in the implementation of WPS, your network
should be safe if you can simply turn off WPS (or, even better, if your
router doesn’t support it in the first place). Unfortunately, as
Gallagher points out as Ars, even with WPS manually turned off through
his router’s settings, Reaver was still able to crack his password.
So that’s kind of a bummer. You may still want to try disabling WPS
on your router if you can, and test it against Reaver to see if it
helps.
You could also set up MAC address filtering on your router (which
only allows specifically whitelisted devices to connect to your
network), but a sufficiently savvy hacker could detect the MAC address of a whitelisted device and use MAC address spoofing to imitate that computer.
Double bummer. So what will work?
I have the open-source router firmware DD-WRT installed on my router
and I was unable to use Reaver to crack its password. As it turns out,
DD-WRT does not support WPS, so there’s yet another reason to love the
free router-booster. If that’s got you interested in DD-WRT, check their
supported devices list to see if your router’s supported. It’s a good
security upgrade, and DD-WRT can also do cool things like monitor your
internet usage, set up a network hard drive, act as a whole-house ad
blocker, boost the range of your Wi-Fi network, and more. It essentially
turns your $60 router into a $600 router.

Bannerizer makes it easy for you to promote ClickBank products by banners, simply go to Bannerizer, and grab the banner codes for your selected ClickBank products or use the Universal ClickBank Banner Rotator to promote all of the available ClickBank products.